CVE-2021-31818
Published 2021-06-17
Priority P427, CVSS 3.1 base score 4.3 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.62% (45.3rd percentile)
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user-supplied data in the API request is not parameterised correctly. Exploiting this vulnerability could allow an authenticated user unauthorised access to database tables.
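To make the vulnerability class concrete, here is an added example that is not Octopus Server code and does not reproduce the actual Octopus query, endpoint, or payload (the affected parameter is not named on this page). It assumes a hypothetical events endpoint with a caller-supplied category filter and a constructed SQLite schema, and shows how an unparameterised filter lets a UNION payload read a table the endpoint should never touch, while the bound-parameter version treats the same input as an ordinary string:

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory schema (not Octopus's): an 'events' table the API is
    meant to expose and a 'secrets' table it is not."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE events (id INTEGER PRIMARY KEY, category TEXT, message TEXT);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, name TEXT, value TEXT);
        INSERT INTO events (category, message) VALUES
            ('Deploy', 'Deployment of Web to Production succeeded'),
            ('Login',  'User alice logged in');
        INSERT INTO secrets (name, value) VALUES
            ('db-password', 'hunter2');
        """
    )
    return conn


def events_vulnerable(conn: sqlite3.Connection, category: str) -> list:
    # Bug: the caller-controlled filter is spliced into the SQL text, so a
    # single quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT id, category, message FROM events WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def events_fixed(conn: sqlite3.Connection, category: str) -> list:
    # Fix: the filter travels as a bound parameter; the driver never lets it
    # change the statement's structure, only the value being compared.
    sql = "SELECT id, category, message FROM events WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


# Constructed payload for the hypothetical filter: closes the string literal,
# appends a UNION against the off-limits table (same column count as the
# original SELECT), and comments out the trailing quote the code would add.
PAYLOAD = "x' UNION SELECT id, name, value FROM secrets --"


def demo() -> tuple:
    """Run both variants against the same payload and return (leaked, safe)."""
    conn = build_db()
    leaked = events_vulnerable(conn, PAYLOAD)   # rows from 'secrets'
    safe = events_fixed(conn, PAYLOAD)          # no row has that literal category
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)
    print("fixed:     ", safe)
```

The point of the bound-parameter form is not escaping: the database receives the statement and the value separately, so the input cannot alter which tables the query reads regardless of what characters it contains. Any query that builds SQL text from request data (filters, sort columns, pagination values) is a candidate for the same defect.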
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | server | >= 2018.9.17 < 2018.13.0 | 2018.13.0 |
| octopus | server | >= 2020.0.0 < 2020.6.0 | 2020.6.0 |
| octopus | server | >= 2020.6.0 < 2020.6.5146 | 2020.6.5146 |
| octopus | server | >= 2021.1.0 < 2021.1.7316 | 2021.1.7316 |
| octopus_deploy | octopus_server | >= 2018.9.17 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2021.1.7149 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2020.6.5146 | 2020.6.5146 |
| octopus_deploy | octopus_server | >= unspecified < 2021.1.7316 | 2021.1.7316 |
CVSS provenance
NVD, CVSS v3.1: 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD, CVSS v2.0: 4.0 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:N
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.